Save for the issue of PTR DNS records not being automatically created
when joining a linux client to a Samba AD, I've had no problems joining
Ubuntu + Louis van Belle linux clients to a Samba domain using the
internal Samba DNS server.
At the moment, I'm working on joining an Arch linux client to a Samba
AD, and have run into an issue I didn't see on Ubuntu and want to find
out what the difference is. Note: nearly identical smb.conf files (only
the Shares differ) and same krb5.conf file.
When I attempt to join the Arch linux machine to the domain using
`net ads join`:
[root@erap-gnome samba]# net ads join -U administrator
Password for [EA\administrator]:
Using short domain name -- EA
Joined 'ERAP-GNOME' to dns domain 'ea.linuxcs.com'
No DNS domain configured for erap-gnome. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
I looked up NT_STATUS_INVALID_PARAMETER in the wiki, and the suggestion
was a missing or invalid host entry in /etc/hosts. I did indeed have a
typo in the machine's entry in /etc/hosts, but fixing the typo did not
resolve the issue. I get the same (or similar) error message when
attempting to rejoin the machine to the domain. The machine is added to
the domain, but no DNS A record is generated for it.
I also tried using:
# samba-tool domain join ea.linuxcs.com MEMBER -U Administrator
Using samba-tool there's no error message, but also no DNS entry:
root@samba-dc:/var/log/samba# samba-tool dns query samba-dc ea.linuxcs.com erap-gnome ALL -U administrator
Password for [EA\administrator]:
ERROR: Record or zone does not exist.
All the domain tests like `wbinfo -g` work properly on the Arch client,
so I'm fairly confident I can just create the DNS records for this host
by hand, but am still wondering what the difference is between the
Ubuntu installs and this Arch linux install.
Also, following the suggestion here:
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates, in particular
# samba_dnsupdate --verbose --all-names
I get confusing output. On the one hand:
...
...
force update: A ForestDnsZones.ea.linuxcs.com 192.168.1.80
force update: SRV _ldap._tcp.ForestDnsZones.ea.linuxcs.com samba-dc.ea.linuxcs.com 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ea.linuxcs.com samba-dc.ea.linuxcs.com 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/samba-dc.ea.linuxcs.com as SAMBA-DC$
update(nsupdate): A samba-dc.ea.linuxcs.com 192.168.1.80
Calling nsupdate for A samba-dc.ea.linuxcs.com 192.168.1.80 (add)
Successfully obtained Kerberos ticket to DNS/samba-dc.ea.linuxcs.com as SAMBA-DC$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
samba-dc.ea.linuxcs.com. 900 IN A 192.168.1.80
but then followed by
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): CNAME cdea986f-1d6f-4126-a4db-75507155bf68._msdcs.ea.linuxcs.com samba-dc.ea.linuxcs.com
Calling nsupdate for CNAME cdea986f-1d6f-4126-a4db-75507155bf68._msdcs.ea.linuxcs.com samba-dc.ea.linuxcs.com (add)
Successfully obtained Kerberos ticket to DNS/samba-dc.ea.linuxcs.com as SAMBA-DC$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
cdea986f-1d6f-4126-a4db-75507155bf68._msdcs.ea.linuxcs.com. 900 IN CNAME samba-dc.ea.linuxcs.com.
...
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ea.linuxcs.com samba-dc.ea.linuxcs.com 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ea.linuxcs.com samba-dc.ea.linuxcs.com 389 (add)
Successfully obtained Kerberos ticket to DNS/samba-dc.ea.linuxcs.com as SAMBA-DC$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ea.linuxcs.com. 900 IN SRV 0 100 389 samba-dc.ea.linuxcs.com.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 29 entries
Not sure what all that is about.
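
A pre-join check for the /etc/hosts condition mentioned in the post, as an added example that is not part of the original message or of Samba. It assumes the conventional `IP FQDN shortname` layout on a non-loopback address; the function names and the 192.0.2.10 address are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the hosts-file entry for a machine before a domain join.
# Assumption (not stated in the post): a usable entry looks like
#   <LAN IP>  <short>.<dns domain>  <short>

# classify_hosts_entry FILE SHORTNAME
# Prints one of: ok | missing | loopback | no-fqdn | fqdn-not-first
classify_hosts_entry() {
    awk -v short="$2" '
    BEGIN { result = "missing"; s = tolower(short) }
    {
        sub(/#.*/, "")                  # drop comments; awk re-splits the fields
        if (NF < 2) next                # need an address and at least one name
        hit = 0; fqdn = 0
        for (i = 2; i <= NF; i++) {
            n = tolower($i)
            if (n == s) hit = 1                           # bare short name
            else if (index(n, s ".") == 1) {              # short name plus a domain
                hit = 1
                if (!fqdn) fqdn = i
            }
        }
        if (!hit) next
        if ($1 ~ /^127\./ || $1 == "::1") result = "loopback"
        else if (!fqdn)                   result = "no-fqdn"
        else if (fqdn != 2)               result = "fqdn-not-first"
        else                              result = "ok"
        exit                            # the first line naming the host decides
    }
    END { print result }' "$1"
}

# Constructed sample: the FQDN carries a typo, so only the short name matches
# and the entry supplies no DNS domain for erap-gnome.
demo() {
    f=$(mktemp)
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.10 erap-gnmoe.ea.linuxcs.com erap-gnome' > "$f"
    classify_hosts_entry "$f" erap-gnome    # prints: no-fqdn
    rm -f "$f"
}
demo
```

On a real client, run `classify_hosts_entry /etc/hosts "$(hostname -s)"` and compare the result with what `hostname -f` reports.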